Supporting Compliance through Enhancing Internal Control Systems by Conceptual Business Process Security Modeling
Authors
Abstract
The importance of Business Process Modeling (BPM) particularly in sensitive areas combined with the rising impact of legislative requirements on IT operations results in a need to conceptually represent security semantics in BPM. We define critical security semantics that need to be incorporated in BPM to aid documentation of security needs and support compliant behavior of security systems. We analyze ways to express such semantics in BPM and their possible role in designing and operating internal control systems, which ensure and document the execution of compliance-related activities. The analysis shows that there are informal, semi-formal and formal approaches to represent security semantics in BPM. We consider the informal approaches as best suited to express security objectives and their formal counterparts as best to specify security mechanisms to enforce the objectives. All three groups of approaches have the potential to enhance the expressiveness and informative value of an internal control system.
Related sources
A Framework for Integrating Sarbanes-Oxley Compliance into the Systems Development Process
The Sarbanes-Oxley Act introduces a new set of requirements into software development. Corporations need to assess their internal control effectiveness for business processes to show compliance with the act. This paper proposes a conceptual framework for integrating Sarbanes-Oxley compliance needs into software development by mapping the activities of an established framework for internal contro...
Modeling the Resource Perspective of Business Process Compliance Rules with the Extended Compliance Rule Graph
Process-aware information systems must ensure compliance of the business processes they implement with global compliance rules related to security constraints, domain-specific guidelines, standards, and laws. Usually, respective compliance rules cover multiple process perspectives; i.e., they not only deal with the control flow perspective that restricts the sequence in which the process activi...
Using Internal Auditing in E-Banks and E-Credit Financial Institutes
Internal audit is a process affected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance. This definition reflects certain fundamental concepts. Internal control is: • Geared to achievement of objectives in one or more categories: operations, reporti...
Integrating Security Aspects into Business Process Models (Integration von Sicherheitsaspekten in Geschäftsprozessmodelle)
Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process models play an important role both for communicating business requirements between domain experts and system experts and as the basis for the system implementation. For several years, enterprise systems have needed to fulfil an increasing number of the s...
Supporting Applications Development and Operation Using IT Security and Audit Measures
The market success of enterprises depends on their ability to support their business processes. This involves the requirement of a seamless, well-ordered operation of the whole company. Operation is greatly affected by the quality of its IT support. The information should be available, handled confidentially, preserving its integrity, and has to be processed in a reliable, efficient, effective w...